Comments (2)
isaisabel
commented on May 25, 2024
Hi @syntax90,
It's not possible to optimize the load time of a MemoryStore since the performance is because of the large size of our dataset. However, there are a number of other ways to load the data:
- Use a MemoryStore() as you have
- Convert the json to a FileSystemSource directory (like that seen on MITRE/CTI, and then load it as a FileSystemSource
- Connect to our TAXII server
These different options have different performance characteristics. Here's the result of some prior testing I did on the above listed options:
average time in seconds to initialize Enterprise FileSystemSource: 0.00011070399999999481
average time in seconds initialize Enterprise MemoryStore via Requests: 6.5625417941999995
average time in seconds initialize Enterprise TAXIICollectionSource: 0.13343816430000005
average time in seconds to perform example queries on FileSystemSource source: 14.884672774699998
average time in seconds to perform example queries on MemoryStore source: 0.2635593319999998
average time in seconds to perform example queries on TAXII source: 4.0353454838000005
I should note that in the above tests we were doing multiple queries after initializing, the 14 seconds for a FileSystemSource is not reflective of the execution time of a single query.
Overall it takes a long time to initialize a Memorystore, but it's easily the fastest when it comes to the actual query. TAXII is slower for queries but quick to initialize. FileSystemSources are very fast to initialize but slow to query to the point we decided not to include them on this repo (though they're easy to convert from a JSON bundle).
My recommendation is:
- If possible, use a MemoryStore and avoid re-initializing it as much as possible. The seconds of initialization time are easily made back by the comparative efficiency of queries.
- If you must re-initialize it frequently, connect to the TAXII server instead. The TAXII server does filtering on the server-side so it's a bit slower due to network usage but doesn't take much time at all to initialize.
If you decide to go the route of using our TAXII server, I should note that we only support TAXII2.0/STIX2.0 through that interface. We do hope to eventually stand up a TAXII2.1/STIX2.1 server but it will likely be a while before that's ready. The current TAXII server serves same content as our current STIX2.1 dataset but without some of the quality-of-life fields and features such as collections and x_mitre_domains.
Hope that helped!
from attack-stix-data.
isaisabel
commented on May 25, 2024
from attack-stix-data.
Related Issues (20)
- found registry hive typo in enterprise-mitre v11.3 json HOT 4
- Description of WMI Creation added to multiple other data sources
- CVE and ATT&CK - Question HOT 2
- Invalid UUID in enterprise-attack.json
- M1027
- Broken Links to data source entries in STIX file HOT 1
- Question: Do relationships include custom Attack properties?
- Have a field for superseded entry in enterprise-attack.json HOT 2
- Cyclic refs in stix-capec.json
- Missing reference for x_mitre_platforms property on relationships
- Question: How to get the relevant APTs or TTPs of a certain indicator.
- Kill Chain (phase_name) may not match Tactic (x_mitre_shortname) HOT 1
- v13.0 bundle ids match in both mitre/cti and mitre-attack/attack-stix-data, but content is different
- ATT&CK's STIX Property Extensions Use Deprecated Standard HOT 1
- Please update Usage docs when introducing new fields
- Discussion: stix data terms of use can block contributions to CNCF projects HOT 3
- v13.1 having Duplicated G0097 and S0302 spanning both [enterprise-attack and mobile-attack] Stix JSON files HOT 1
- Use TAGs for the corresponding version of MITRE ATT&CK HOT 1
- Bug: All MITRE ATT&CK ICS Techniques have "x_mitre_platforms": [ "None" ] HOT 7
- Software Discovery HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from attack-stix-data.